10 Commits

Author SHA1 Message Date
openeuler-ci-bot
f06d6eefc2
!127 backport patches to fix bug
From: @xuraoqing 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2024-06-19 07:03:07 +00:00
xuraoqing
ea72bf0c59 backport patches to fix bug
Signed-off-by: xuraoqing <609179072@qq.com>
2024-06-19 08:49:44 +08:00
openeuler-ci-bot
bbab0e87ff
!113 backport patches from upstream
From: @fangxiuning 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2024-03-22 07:38:02 +00:00
fangxiuning
b400c98ce7 modify 2024-03-22 15:08:36 +08:00
openeuler-ci-bot
e8cbc47277
!107 backport upstream patches
From: @fangxiuning 
Reviewed-by: @huangzq6 
Signed-off-by: @huangzq6
2024-02-02 07:21:24 +00:00
fangxiuning
c6f16f0d50 change 2024-02-02 15:08:02 +08:00
openeuler-ci-bot
ddffca7eb4
!106 backport upstream patches
From: @fangxiuning 
Reviewed-by: @huangzq6 
Signed-off-by: @huangzq6
2024-02-02 06:26:15 +00:00
fangxiuning
c50e1aa3fb change 2024-02-02 14:09:30 +08:00
openeuler-ci-bot
4d12570bfb
!96 backport patches from upstream
From: @HuaxinLuGitee 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2023-12-29 01:19:29 +00:00
Huaxin Lu
d22ef7736c backport patches from upstream 2023-12-28 22:33:43 +08:00
32 changed files with 2812 additions and 3 deletions


@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing
Name: audit
Epoch: 1
Version: 3.0.1
Release: 11
Release: 16
License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -46,8 +46,39 @@ Patch34: backport-Try-to-interpret-OPENAT2-fields-correctly.patch
Patch35: backport-Add-a-buffer-limit-just-in-case.patch
Patch36: backport-Teardown-SIGCONT-watcher-on-exit.patch
Patch37: backport-Correct-path-of-config-file.patch
Patch38: backport-Fix-the-error-found-by-clang-tidy-313.patch
Patch39: backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch
Patch38: backport-Fix-the-error-found-by-clang-tidy-313.patch
Patch39: backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch
Patch40: backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
Patch41: backport-Error-out-if-required-zos-parameters-missing.patch
Patch42: backport-Fix-deprecated-python-function.patch
Patch43: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
Patch44: backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Patch45: backport-memory-allocation-updates-341.patch
Patch46: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Patch47: backport-Make-session-id-consistently-typed-327.patch
Patch48: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Patch49: backport-fix-the-use-of-isdigit-everywhere.patch
Patch50: backport-Fix-new-warnings-for-unused-results.patch
Patch51: backport-Change-the-first-iteration-test-so-static-analysis-b.patch
Patch52: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
Patch53: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
Patch54: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
Patch55: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
Patch56: backport-Cleanup-shell-script-warnings.patch
Patch57: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch
Patch58: backport-first-part-of-NULL-pointer-checks.patch
Patch59: backport-second-part-of-NULL-pointer-checks.patch
Patch60: backport-last-part-of-NULL-pointer-checks.patch
Patch61: backport-Fixed-NULL-checks.patch
Patch62: backport-update-error-messages-in-NULL-Checks.patch
Patch63: backport-adding-the-file-descriptor-closure.patch
Patch64: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
Patch65: backport-Use-atomic_int-if-available-for-signal-related-flags.patch
Patch66: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
Patch67: backport-avoiding-of-NULL-pointers-dereference-366.patch
Patch68: backport-Cleanup-code-in-LRU.patch
Patch69: backport-Fix-memory-leaks.patch
Patch70: backport-fix-one-more-leak.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -383,6 +414,21 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog
* Wed Jun 19 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-16
- backport patches from upstream
* Tue Mar 19 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-15
- backport patches from upstream
* Fri Feb 2 2024 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-14
- backport patches from upstream
* Fri Feb 2 2024 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-13
- backport patches from upstream
* Thu Dec 28 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.1-12
- backport patches from upstream
* Thu Sep 14 2023 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-11
- backport patches from upstream


@ -0,0 +1,119 @@
From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Sat, 4 Nov 2023 03:48:39 +0100
Subject: [PATCH] Avoid file descriptor leaks in multi-threaded applications
(#339)
* lib: set close-on-exec flag
libaudit may be called from a multi-threaded application.
Avoid leaking local file descriptors on a concurrent execve.
* lib: simplify SOCK_CLOEXEC
SOCK_CLOEXEC is supported since Linux 2.6.27.
Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba
Conflict:lib/audit_logging.c,lib/libaudit.c,lib/netlink.c
---
lib/audit_logging.c | 2 +-
lib/libaudit.c | 10 +++++-----
lib/netlink.c | 12 +-----------
3 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index a9f3257..1e521fe 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size)
if (comm == NULL) {
int len;
- int fd = open("/proc/self/comm", O_RDONLY);
+ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC);
if (fd < 0) {
strcpy(commname, "\"?\"");
return commname;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 5843ac0..eda51e8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -220,7 +220,7 @@ static int load_libaudit_config(const char *path)
char buf[128];
/* open the file */
- rc = open(path, O_NOFOLLOW|O_RDONLY);
+ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (rc < 0) {
if (errno != ENOENT) {
audit_msg(LOG_ERR, "Error opening %s (%s)",
@@ -260,7 +260,7 @@ static int load_libaudit_config(const char *path)
}
/* it's ok, read line by line */
- f = fdopen(fd, "rm");
+ f = fdopen(fd, "rme");
if (f == NULL) {
audit_msg(LOG_ERR, "Error - fdopen failed (%s)",
strerror(errno));
@@ -894,7 +894,7 @@ uid_t audit_getloginuid(void)
char buf[16];
errno = 0;
- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -1;
do {
@@ -922,7 +922,7 @@ int audit_setloginuid(uid_t uid)
errno = 0;
count = snprintf(loginuid, sizeof(loginuid), "%u", uid);
- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
+ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC);
if (o >= 0) {
int block, offset = 0;
@@ -958,7 +958,7 @@ uint32_t audit_get_session(void)
char buf[16];
errno = 0;
- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY);
+ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC);
if (in < 0)
return -2;
do {
diff --git a/lib/netlink.c b/lib/netlink.c
index 4d0670a..6168eb3 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -51,7 +51,7 @@ static int check_ack(int fd);
int audit_open(void)
{
int saved_errno;
- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT);
if (fd < 0) {
saved_errno = errno;
@@ -64,16 +64,6 @@ int audit_open(void)
"Error opening audit netlink socket (%s)",
strerror(errno));
errno = saved_errno;
- return fd;
- }
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
- saved_errno = errno;
- audit_msg(LOG_ERR,
- "Error setting audit netlink socket CLOEXEC flag (%s)",
- strerror(errno));
- close(fd);
- errno = saved_errno;
- return -1;
}
return fd;
}
--
2.33.0
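Review bot: The `socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT)` call in audit_open (lib/netlink.c) has no comment explaining why the flag is now set at creation, and the removed `fcntl(fd, F_SETFD, FD_CLOEXEC)` block is exactly what a later cleanup might be tempted to restore. I would add `/* SOCK_CLOEXEC at creation: leaves no window in which a concurrent fork/execve in another thread inherits the audit socket */` above the call. The same reasoning applies to the `O_CLOEXEC` and `"rme"` changes in lib/libaudit.c and lib/audit_logging.c, so one short comment per file is enough. Separately, the context line `strcpy(commname, "\"?\"")` in _get_commname does not consult the `size` parameter; the function is only partly visible here, so this is a follow-up to confirm rather than a finding.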


@ -0,0 +1,29 @@
From cd7599210fe398360ddb81c0c2453a085d408089 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 19 Feb 2024 10:50:42 -0500
Subject: [PATCH] Change python bindings to switch from PyEval_CallObject on
3.12 and later to silence warning
Reference:https://github.com/linux-audit/audit-userspace/commit/cd7599210fe398360ddb81c0c2453a085d408089
Conflict:NA
---
bindings/python/auparse_python.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
index 99d37cca..9ab919b3 100644
--- a/bindings/python/auparse_python.c
+++ b/bindings/python/auparse_python.c
@@ -290,7 +290,7 @@ static void auparse_callback(auparse_state_t *au,
if (debug) printf("<< auparse_callback\n");
arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type,
cb->user_data);
-#if PY_MINOR_VERSION >= 13
+#if PY_MINOR_VERSION >= 12
result = PyObject_CallObject(cb->func, arglist);
#else
result = PyEval_CallObject(cb->func, arglist);
--
2.33.0
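Review bot: The guard `#if PY_MINOR_VERSION >= 12` tests the minor number alone, so it silently depends on the major version staying at 3; the patch "Fix deprecated python function" elsewhere in this series introduces the same test with `13`. As far as I know `PyObject_CallObject()` is available in every CPython release these bindings can be built against, so the conditional could be dropped and `result = PyObject_CallObject(cb->func, arglist);` used unconditionally. If the split is kept, `#if PY_VERSION_HEX >= 0x030C0000` states the intent without the implicit assumption.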


@ -0,0 +1,39 @@
From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Wed, 29 Nov 2023 15:49:21 -0500
Subject: [PATCH] Change the first iteration test so static analysis better
understands the code
Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c
Conflict:NA
---
tools/aulast/aulast-llist.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c
index 87638ebc..d7765ba4 100644
--- a/tools/aulast/aulast-llist.c
+++ b/tools/aulast/aulast-llist.c
@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial)
lnode *list_delete_cur(llist *l)
{
register lnode *cur, *prev;
-
- prev = cur = l->head; /* start at the beginning */
+
+ if (l == NULL || l->head == NULL)
+ return NULL;
+
+ prev = cur = l->head; /* start at the beginning */
while (cur) {
if (cur == l->cur) {
- if (cur == prev && cur == l->head) {
+ // If the first iteration
+ if (prev == l->head && cur == l->head) {
l->head = cur->next;
l->cur = cur->next;
free((void *)cur->name);
--
2.33.0
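Review bot: list_delete_cur now returns NULL for a NULL list or an empty one, but nothing in the hunk documents that, and callers that use the result need to know it. A header comment such as `/* Delete the current node; returns NULL when l is NULL or the list is empty. */` would make the contract explicit. The added `// If the first iteration` sits next to a `/* start at the beginning */` comment, so `/* first iteration: cur is still the head */` would match the surrounding style and say what the test means. The rest of the function lies outside the hunk, so what it returns on the other paths cannot be checked here.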


@ -0,0 +1,77 @@
From 4939b8541322cbf3a53affc28e71ce53d92f121f Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Fri, 3 May 2024 17:50:35 -0400
Subject: [PATCH] Cleanup code in LRU
Dont dereference anything until after checking if the queue is not empty.
Also, leave a note disputing static analysis thinking there is a use after
free destroying the queue.
Reference:https://github.com/linux-audit/audit-userspace/commit/4939b8541322cbf3a53affc28e71ce53d92f121f
Conflict:NA
---
auparse/lru.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/auparse/lru.c b/auparse/lru.c
index 05c4088d..f30bcf41 100644
--- a/auparse/lru.c
+++ b/auparse/lru.c
@@ -116,6 +116,11 @@ static void destroy_queue(Queue *queue)
dump_queue_stats(queue);
#endif
+ // Some static analysis scanners try to flag this as a use after
+ // free accessing queue->end. This is a false positive. It is freed.
+ // However, static analysis apps are incapable of seeing that in
+ // remove_node, end is updated to a prior node as part of detaching
+ // the current end node.
while (queue->count)
dequeue(queue);
@@ -252,34 +257,33 @@ out:
sanity_check_queue(queue, "2 remove_node");
}
-// Remove from the end of the queue
+// Remove from the end of the queue
static void dequeue(Queue *queue)
{
- QNode *temp = queue->end;
-
if (queue_is_empty(queue))
return;
+ QNode *temp = queue->end;
remove_node(queue, queue->end);
// if (queue->cleanup)
// queue->cleanup(temp->str);
free(temp->str);
free(temp);
-
+
// decrement the total of full slots by 1
queue->count--;
}
-
+
// Remove front of the queue because its a mismatch
void lru_evict(Queue *queue, unsigned int key)
{
+ if (queue_is_empty(queue))
+ return;
+
Hash *hash = queue->hash;
QNode *temp = queue->front;
- if (queue_is_empty(queue))
- return;
-
hash->array[key] = NULL;
remove_node(queue, queue->front);
--
2.33.0
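Review bot: In lru_evict the store `hash->array[key] = NULL` uses the caller-supplied `key` as an index, and no range check is visible between the relocated empty-queue guard and the write. If every caller derives `key` from the same hash function that sized the table this is safe, but the function is not static, so I would either compare `key` with the table's capacity before the store or state the precondition in the comment above the function. The body continues past the hunk, so a check further down cannot be ruled out, though it would come after the write.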


@ -0,0 +1,107 @@
From 79c1212ff38254a961c27d8eb10bc766e412ffe9 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Fri, 23 Feb 2024 12:26:05 -0500
Subject: [PATCH] Cleanup shell script warnings
Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9
Conflict:init.d/augenrules,init.d/auditd.state
---
init.d/auditd.reload | 2 +-
init.d/auditd.resume | 2 +-
init.d/auditd.rotate | 2 +-
init.d/auditd.state | 4 ++--
init.d/auditd.stop | 2 +-
init.d/augenrules | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index 9c30295..2ea8f7e 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index f1d2157..23219bc 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index 2b13cf7..0764ac0 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.state b/init.d/auditd.state
index c7e291e..c93df8b 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
@@ -15,7 +15,7 @@ killproc $prog -CONT
RETVAL=$?
echo -e "\n"
sleep 1
-if [ $? -eq 0 ] ; then
+if [ $RETVAL -eq 0 ] ; then
if [ -e $state_file ] ; then
cat $state_file
fi
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index ed8207b..08db366 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/augenrules b/init.d/augenrules
index d482d2e..7a512bf 100644
--- a/init.d/augenrules
+++ b/init.d/augenrules
@@ -35,7 +35,7 @@ RETVAL=0
usage="Usage: $0 [--check|--load]"
# Delete the interim file on faults
-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
+trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM
try_load() {
if [ $LoadRules -eq 1 ] ; then
--
2.33.0
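Review bot: The rewritten trap in init.d/augenrules still expands `${TmpRules}` unquoted, and init.d/auditd.state keeps `[ $RETVAL -eq 0 ]`, `[ -e $state_file ]` and `cat $state_file` unquoted, so the quoting cleanup is only partial. The auditd.* helpers exit unless run as root, and in that context word splitting or globbing on a path with unusual characters would hand `rm -f` or `cat` arguments nobody intended; where `TmpRules` and `state_file` are assigned is outside the hunks. I would write `trap 'rm -f "${TmpRules}"; exit 1' HUP INT QUIT PIPE TERM` and `if [ -e "$state_file" ] ; then`.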


@ -0,0 +1,143 @@
From 6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 26 Aug 2023 08:52:25 -0400
Subject: [PATCH] Consolidate end of event detection to a common function
Reference:https://github.com/linux-audit/audit-userspace/commit/6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed
Conflict:ChangeLog,auparse/auparse.c,common/common.h
---
auparse/auparse.c | 9 +--------
common/Makefile.am | 2 +-
common/common.c | 43 +++++++++++++++++++++++++++++++++++++++++++
common/common.h | 3 ++-
src/ausearch-lol.c | 9 ++-------
5 files changed, 49 insertions(+), 17 deletions(-)
create mode 100644 common/common.c
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 474e536..afc6741 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -293,14 +293,7 @@ static void au_check_events(auparse_state_t *au, time_t sec)
if (cur->l->e.sec + eoe_timeout <= sec) {
cur->status = EBS_COMPLETE;
au->au_ready++;
- } else if ( // FIXME: Check this v remains true
- r->type == AUDIT_PROCTITLE ||
- r->type == AUDIT_EOE ||
- r->type < AUDIT_FIRST_EVENT ||
- r->type >= AUDIT_FIRST_ANOM_MSG ||
- r->type == AUDIT_KERNEL ||
- (r->type >= AUDIT_MAC_UNLBL_ALLOW &&
- r->type <= AUDIT_MAC_CALIPSO_DEL)) {
+ } else if (audit_is_last_record(r->type)) {
// If known to be 1 record event, we are done
cur->status = EBS_COMPLETE;
au->au_ready++;
diff --git a/common/Makefile.am b/common/Makefile.am
index 8b9aacb..fb78c35 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -25,6 +25,6 @@ AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib
noinst_HEADERS = common.h
libaucommon_la_DEPENDENCIES = ../config.h
-libaucommon_la_SOURCES = audit-fgets.c strsplit.c
+libaucommon_la_SOURCES = audit-fgets.c strsplit.c common.c
noinst_LTLIBRARIES = libaucommon.la
diff --git a/common/common.c b/common/common.c
new file mode 100644
index 0000000..cbfa46c
--- /dev/null
+++ b/common/common.c
@@ -0,0 +1,43 @@
+/* common.c --
+ * Copyright 2023 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Steve Grubb <sgrubb@redhat.com>
+ */
+
+#include "libaudit.h"
+#include "common.h"
+
+/*
+ * This function returns 1 if it is the last record in an event.
+ * It returns 0 otherwise.
+ */
+int audit_is_last_record(int type)
+{
+ if (type == AUDIT_PROCTITLE ||
+ type == AUDIT_EOE ||
+ type < AUDIT_FIRST_EVENT ||
+ type >= AUDIT_FIRST_ANOM_MSG ||
+ type == AUDIT_KERNEL ||
+ (type >= AUDIT_MAC_UNLBL_ALLOW &&
+ type <= AUDIT_MAC_CALIPSO_DEL)) {
+ return 1;
+ }
+ return 0;
+}
+
diff --git a/common/common.h b/common/common.h
index 011be46..b706784 100644
--- a/common/common.h
+++ b/common/common.h
@@ -1,5 +1,5 @@
/* audit-fgets.h -- a replacement for glibc's fgets
- * Copyright 2018 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2018-23 Red Hat Inc.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -33,6 +33,7 @@ int audit_fgets(char *buf, size_t blen, int fd);
char *audit_strsplit_r(char *s, char **savedpp);
char *audit_strsplit(char *s);
+int audit_is_last_record(int type);
AUDIT_HIDDEN_END
#endif
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 6d378cc..b09228f 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -250,16 +250,11 @@ static void check_events(lol *lo, time_t sec)
if (cur->l->e.sec + eoe_timeout <= sec) {
cur->status = L_COMPLETE;
ready++;
- } else if (cur->l->e.type == AUDIT_PROCTITLE ||
- cur->l->e.type < AUDIT_FIRST_EVENT ||
- cur->l->e.type >= AUDIT_FIRST_ANOM_MSG ||
- cur->l->e.type == AUDIT_KERNEL ||
- (cur->l->e.type >= AUDIT_MAC_UNLBL_ALLOW &&
- cur->l->e.type <= AUDIT_MAC_CALIPSO_DEL)) {
+ } else if (audit_is_last_record(cur->l->e.type)) {
// If known to be 1 record event, we are done
cur->status = L_COMPLETE;
ready++;
- }
+ }
}
}
}
--
2.33.0
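Review bot: The replacement in check_events (src/ausearch-lol.c) is not a pure refactor: the removed condition there had no `AUDIT_EOE` test, while audit_is_last_record() has one, so ausearch now also completes an event on an EOE record. That is probably the intent of consolidating, but neither the commit message nor the comment above the new function says so. I would extend that comment to list the record types treated as terminating and to note that ausearch and auparse now share the rule; the `// FIXME: Check this v remains true` marker removed from auparse.c could move there if the question is still open. The body could also be reduced to a single `return` of the condition.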


@ -0,0 +1,37 @@
From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 10 Oct 2023 08:22:49 -0400
Subject: [PATCH] Error out if required zos parameters missing
---
audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c
index 7dd1424f..7e27eda4 100644
--- a/audisp/plugins/zos-remote/zos-remote-ldap.c
+++ b/audisp/plugins/zos-remote/zos-remote-ldap.c
@@ -134,14 +134,18 @@ retry:
int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port,
const char *user, const char *password, int timeout)
-{
+{
+ if (server == NULL || user == NULL || password == NULL) {
+ log_err("Error: required parameters are not present in config file");
+ return ICTX_E_FATAL;
+ }
zos_remote->server = strdup(server);
zos_remote->port = port;
zos_remote->user = strdup(user);
zos_remote->password = strdup(password);
zos_remote->timeout = timeout;
zos_remote->connected = 0;
-
+
if (!zos_remote->server || !zos_remote->user || !zos_remote->password) {
log_err("Error allocating memory for session members");
return ICTX_E_FATAL;
--
2.27.0
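Review bot: The allocation-failure branch after the three `strdup()` calls returns `ICTX_E_FATAL` without releasing the members that were duplicated successfully, so a partial failure leaves copies of the server name, user and password on the heap unless the caller tears the structure down; the callers are outside the hunk. The new guard also reports only that "required parameters" are missing, and naming the missing key in the `log_err()` text would save an operator from diffing the config file. `zos_remote` itself is dereferenced without a check, which is fine only if every caller passes a valid pointer.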


@ -0,0 +1,28 @@
From c344a8a370afed66e78db88c2d129f6672dae1e6 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 24 Oct 2023 11:51:04 -0400
Subject: [PATCH] Fix deprecated python function
---
bindings/python/auparse_python.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
index 78ef832c..1371ed54 100644
--- a/bindings/python/auparse_python.c
+++ b/bindings/python/auparse_python.c
@@ -290,7 +290,11 @@ static void auparse_callback(auparse_state_t *au,
if (debug) printf("<< auparse_callback\n");
arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type,
cb->user_data);
+#if PY_MINOR_VERSION >= 13
+ result = PyObject_CallObject(cb->func, arglist);
+#else
result = PyEval_CallObject(cb->func, arglist);
+#endif
Py_DECREF(arglist);
Py_XDECREF(result);
}
--
2.27.0
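Review bot: `Py_BuildValue()` can return NULL, and on the new side `arglist` is passed to the call in both branches of the `#if` and then to `Py_DECREF(arglist)`, which must not be given NULL. A guard before the `#if`, for example `if (arglist == NULL) return;`, would cover both branches. auparse_callback starts above the hunk, so anything acquired earlier in the function would need releasing on that path.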


@ -0,0 +1,69 @@
From 289dc3a077f05fba93816fbdfbbfe032322d7f64 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Tue, 21 May 2024 12:28:29 -0400
Subject: [PATCH] Fix memory leaks
Reference:https://github.com/linux-audit/audit-userspace/commit/289dc3a077f05fba93816fbdfbbfe032322d7f64
Conflict:NA
---
src/auditd-listen.c | 2 +-
src/ausearch-lol.c | 2 ++
src/ausearch-parse.c | 6 ++++--
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index ea3f137c..52076361 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -443,8 +443,8 @@ static int negotiate_credentials(ev_tcp *io)
gss_release_name(&min_stat, &client);
return -1;
}
- gss_release_buffer(&min_stat, &send_tok);
}
+ gss_release_buffer(&min_stat, &send_tok);
} while (maj_stat == GSS_S_CONTINUE_NEEDED);
maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index a5418079..784c58f6 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -311,6 +311,7 @@ int lol_add_record(lol *lo, char *buff)
n.type = e.type;
n.message = strdup(buff);
if(n.message == NULL) {
+ free((char *)e.node);
fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 0;
}
@@ -369,6 +370,7 @@ int lol_add_record(lol *lo, char *buff)
// Create new event and fill it in
l = malloc(sizeof(llist));
if (l == NULL) {
+ free((char *)e.node);
fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 0;
}
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index be57606b..4c9bef0d 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -769,9 +769,11 @@ static int common_path_parser(search_items *s, char *path)
if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
(sn.str[1] == '/')) && s->cwd) {
char *tmp = malloc(PATH_MAX);
- if (tmp == NULL)
+ if (tmp == NULL) {
+ free(sn.str);
return 6;
- snprintf(tmp, PATH_MAX, "%s/%s",
+ }
+ snprintf(tmp, PATH_MAX, "%s/%s",
s->cwd, sn.str);
free(sn.str);
sn.str = tmp;
--
2.33.0
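Review bot: The `snprintf(tmp, PATH_MAX, "%s/%s", s->cwd, sn.str)` call in common_path_parser (src/ausearch-parse.c) discards its return value, so a cwd plus relative name that does not fit in PATH_MAX is silently truncated and the shortened string replaces `sn.str`. For a search tool that means a record can end up under a path that never appeared in the log. I would capture the result and treat `n < 0 || n >= PATH_MAX` as a failure that frees both `tmp` and `sn.str` before returning, mirroring the new allocation-failure branch. What is done with `sn.str` afterwards is outside the hunk.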


@ -0,0 +1,107 @@
From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 20 Nov 2023 16:37:46 -0500
Subject: [PATCH] Fix new warnings for unused results
Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57
Conflict:audisp/plugins/ids/ids.c
---
audisp/plugins/ids/ids.c | 5 +++--
audisp/plugins/ids/ids.h | 2 +-
audisp/plugins/statsd/audisp-statsd.c | 4 ++--
lib/libaudit.c | 3 ++-
lib/netlink.c | 3 ++-
src/auditd.c | 3 ++-
6 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c
index f9f312d..8fe3699 100644
--- a/audisp/plugins/ids/ids.c
+++ b/audisp/plugins/ids/ids.c
@@ -91,9 +91,10 @@ static void destroy_audit(void)
audit_close(audit_fd);
}
-void log_audit_event(int type, const char *text, int res)
+int log_audit_event(int type, const char *text, int res)
{
- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res);
+ return audit_log_user_message(audit_fd, type, text,
+ NULL, NULL, NULL, res);
}
diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h
index eb1d83c..2cf13b6 100644
--- a/audisp/plugins/ids/ids.h
+++ b/audisp/plugins/ids/ids.h
@@ -14,6 +14,6 @@
extern int debug;
extern void my_printf(const char *fmt, ...)
__attribute__ (( format(printf, 1, 2) ));
-extern void log_audit_event(int type, const char *text, int res);
+extern int log_audit_event(int type, const char *text, int res);
#endif
diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c
index e562afa..934db5c 100644
--- a/audisp/plugins/statsd/audisp-statsd.c
+++ b/audisp/plugins/statsd/audisp-statsd.c
@@ -216,9 +216,9 @@ static void get_kernel_status(void)
struct audit_reply rep;
audit_request_status(audit_fd);
- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
+ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0);
- if (rep.type == AUDIT_GET) {
+ if (rc > 0 && rep.type == AUDIT_GET) {
// add info to global audit event struct
r.lost = rep.status->lost;
r.backlog = rep.status->backlog;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index eda51e8..86c333c 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -467,7 +467,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode)
rc = poll(pfd, 1, 100); /* .1 second */
} while (rc < 0 && errno == EINTR);
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
return 1;
}
diff --git a/lib/netlink.c b/lib/netlink.c
index 4d0670a..9b438b8 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -300,7 +300,8 @@ retry:
else if (rc > 0 && rep.type == NLMSG_ERROR) {
int error = rep.error->error;
/* Eat the message */
- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0))
+ ; // intentionally empty
/* NLMSG_ERROR can indicate success, only report nonzero */
if (error) {
diff --git a/src/auditd.c b/src/auditd.c
index 8ab2fe1..5cb4394 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -1152,7 +1152,8 @@ static void clean_exit(void)
audit_msg(LOG_INFO, "The audit daemon is exiting.");
if (fd >= 0) {
if (!opt_aggregate_only)
- audit_set_pid(fd, 0, WAIT_NO);
+ if (audit_set_pid(fd, 0, WAIT_NO))
+ ; // intentionally empty
audit_close(fd);
}
if (pidfile)
--
2.33.0
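Review bot: In clean_exit (src/auditd.c) the new `if (audit_set_pid(fd, 0, WAIT_NO)) ;` is nested under an unbraced `if (!opt_aggregate_only)`, leaving two brace-less ifs and an empty statement directly above `audit_close(fd)`; a later edit there can easily change which statement is conditional. Bracing the outer test keeps the warning silenced without that trap. Since this call presumably unregisters the daemon's pid from the kernel, logging a failure through `audit_msg()` would be more useful than discarding it; the return convention of audit_set_pid is only partly visible here (`return 1` in the lib/libaudit.c hunk). The same empty-if idiom appears in lib/libaudit.c and lib/netlink.c, where a one-line comment saying why the reply is drained and ignored would read better than `// intentionally empty`.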


@ -0,0 +1,54 @@
From 68131717821ee5c946fb561218551c98e46d7d06 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Tue, 19 Mar 2024 17:01:53 +0300
Subject: [PATCH] Fixed NULL checks
Reference:https://github.com/linux-audit/audit-userspace/commit/68131717821ee5c946fb561218551c98e46d7d06
Conflict:NA
---
audisp/plugins/zos-remote/zos-remote-queue.c | 2 +-
auparse/auparse.c | 1 +
src/ausearch-lol.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
index 47dd006e..f8019890 100644
--- a/audisp/plugins/zos-remote/zos-remote-queue.c
+++ b/audisp/plugins/zos-remote/zos-remote-queue.c
@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size)
tmp_q = realloc(q, size * sizeof(BerElement *));
if (tmp_q == NULL) {
- log_err("Memory allocation error");;
+ log_err("Memory allocation error");;
pthread_mutex_unlock(&queue_lock);
return;
}
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 516ee8f1..e782058d 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -116,6 +116,7 @@ static int setup_log_file_array(auparse_state_t *au)
if (!tmp) {
fprintf(stderr, "No memory\n");
aup_free_config(&config);
+ free(filename);
return 1;
}
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index c2140b7e..7562dc21 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -49,6 +49,7 @@ void lol_create(lol *lo)
lo->array = (lolnode *)malloc(size);
if (lo->array == NULL) {
fprintf(stderr, "Memory allocation error");
+ lo->limit = 0;
return;
}
memset(lo->array, 0, size);
--
2.33.0
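Review bot: lol_create returns void, so after the allocation failure the only signal a caller gets is the new `lo->limit = 0` next to a NULL `lo->array`; whether `lo->maxi` already holds a value that keeps loops of the form `for (i = 0; i <= lo->maxi; i++)` off the array is not visible in this hunk. I would reset it on this path too if it is initialised later in the function, and add a comment such as `/* allocation failed: list stays empty, array is NULL */`. The message `"Memory allocation error"` has no trailing newline, unlike `"No memory\n"` in the auparse.c hunk. In zos-remote-queue.c the touched line still ends in `;;`.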


@ -0,0 +1,114 @@
From 139c61a9007600c93702947179d7836be1bc8403 Mon Sep 17 00:00:00 2001
From: burnalting <burnalting@users.noreply.github.com>
Date: Thu, 11 Jan 2024 08:22:32 +1100
Subject: [PATCH] Issue343: Fix checkpoint issue to ensure all complete events
are gained (#345)
Co-authored-by: Burn Alting <burn@auditdtest.swtf.dyndns.org>
Reference:https://github.com/linux-audit/audit-userspace/commit/139c61a9007600c93702947179d7836be1bc8403
Conflict:NA
---
src/ausearch-lol.c | 33 +++++++++++++++++++++++++++++++++
src/ausearch-lol.h | 1 +
src/ausearch.c | 12 +++++++-----
3 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index f22f358..dc91034 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -283,6 +283,32 @@ static void check_events(lol *lo, time_t sec)
}
}
+// This function will check events to see if they are complete but not compare against a given time
+static void check_events_without_time(lol *lo)
+{
+ int i;
+
+ for(i=0;i<=lo->maxi; i++) {
+ lolnode *cur = &lo->array[i];
+ if (cur->status == L_BUILDING) {
+ /* We now iterate over the event's records but without affecting the node's current
+ * pointer (cur->l->cur). That is, we don't call the list-* routines
+ * We could jump to the last record in the list which is normally a PROCTITLE, but this
+ * may not be guaranteed, so we check all record types
+ */
+ lnode *ln = cur->l->head;
+ while (ln) {
+ if (audit_is_last_record(ln->type)) {
+ cur->status = L_COMPLETE;
+ ready++;
+ break;
+ }
+ ln = ln->next;
+ }
+ }
+ }
+}
+
// This function adds a new record to an existing linked list
// or creates a new one if its a new event
int lol_add_record(lol *lo, char *buff)
@@ -382,6 +408,13 @@ void terminate_all_events(lol *lo)
}
}
+// This function will mark all events as complete if it can.
+void complete_all_events(lol *lo)
+{
+
+ check_events_without_time(lo);
+}
+
/* Search the list for any event that is ready to go. The caller
* takes custody of the memory */
llist* get_ready_event(lol *lo)
diff --git a/src/ausearch-lol.h b/src/ausearch-lol.h
index 21f2c15..bab0c81 100644
--- a/src/ausearch-lol.h
+++ b/src/ausearch-lol.h
@@ -49,6 +49,7 @@ void lol_create(lol *lo);
void lol_clear(lol *lo);
int lol_add_record(lol *lo, char *buff);
void terminate_all_events(lol *lo);
+void complete_all_events(lol *lo);
llist* get_ready_event(lol *lo);
void lol_set_eoe_timeout(time_t new_eoe_tmo);
diff --git a/src/ausearch.c b/src/ausearch.c
index 0091a1c..f54eda9 100644
--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -593,19 +593,21 @@ static int get_next_event(llist **l)
* If we get an EINTR error or we are at EOF, we check
* to see if we have any events to print and return
* appropriately. If we are the last file being
- * processed, we mark all incomplete events as
- * complete so they will be printed.
+ * processed, and we are not checkpointing, we mark all incomplete
+ * events as complete so they will be printed. If we are checkpointing
+ * we do an exhaustive validation to see if there are complete events still
*/
if ((ferror_unlocked(log_fd) &&
errno == EINTR) || feof_unlocked(log_fd)) {
/*
- * Only mark all events as L_COMPLETE if we are
+ * Only attempt to mark all events as L_COMPLETE if we are
* the last file being processed.
- * We DO NOT do this if we are checkpointing.
*/
if (files_to_process == 0) {
if (!checkpt_filename)
- terminate_all_events(&lo);
+ terminate_all_events(&lo); // terminate as we are not checkpointing
+ else
+ complete_all_events(&lo); // exhaustively check if we can complete events
}
*l = get_ready_event(&lo);
if (*l)
--
2.33.0


@ -0,0 +1,62 @@
From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001
From: Michael Tautschnig <mt@debian.org>
Date: Thu, 2 Nov 2023 21:53:29 +0100
Subject: [PATCH] Make session id consistently typed (#327)
This fixes type-conflicting definitions and declarations.
Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81
Conflict:src/ausearch-options.c
---
src/aureport-options.c | 3 ++-
src/ausearch-options.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 167157a..7a8d92a 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -61,7 +61,8 @@ const char *event_uuid = NULL;
const char *event_vmname = NULL;
long long event_exit = 0;
int event_exit_is_set = 0;
-int event_ppid = -1, event_session_id = -2;
+pid_t event_ppid = -1;
+uint32_t event_session_id = -2;
int event_debug = 0, event_machine = -1;
time_t arg_eoe_timeout = (time_t)0;
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index 5f6aace..eff0596 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -888,19 +888,21 @@ int check_params(int count, char *vars[])
size_t len = strlen(optarg);
if (isdigit(optarg[0])) {
errno = 0;
- event_session_id = strtoul(optarg,NULL,10);
- if (errno)
+ unsigned long optval = strtoul(optarg,NULL,10);
+ if (errno || optval >= (1ul << 32))
retval = -1;
+ event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
(isdigit(optarg[1]))) {
errno = 0;
- event_session_id = strtoul(optarg, NULL, 0);
- if (errno) {
+ long optval = strtol(optarg, NULL, 0);
+ if (errno || optval < INT_MIN || optval > INT_MAX) {
retval = -1;
fprintf(stderr, "Error converting %s\n",
optarg);
}
+ event_session_id = optval;
c++;
} else {
fprintf(stderr,
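Review bot: The range test `optval >= (1ul << 32)` shifts an `unsigned long` by 32 bits, which is undefined where `unsigned long` is 32 bits wide, so the guard cannot be relied on in a 32-bit build. Comparing against the type limit avoids the shift: `if (errno || optval > UINT32_MAX)`. In both branches `event_session_id = optval;` still runs after `retval = -1`, and `strtoul`/`strtol` are called with a NULL end pointer, so characters trailing the digits are accepted; passing an end pointer and rejecting `*end != '\0'` would close that. `check_params()` starts and ends outside this hunk.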
--
2.33.0


@ -0,0 +1,38 @@
From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 25 Aug 2023 10:41:20 -0400
Subject: [PATCH] Rewrite legacy service functions in terms of systemctl
---
ChangeLog | 1 +
init.d/Makefile.am | 3 +--
init.d/audit-functions | 52 ---------------------------------------
init.d/auditd.condrestart | 7 +++---
init.d/auditd.reload | 6 +----
init.d/auditd.resume | 6 +----
init.d/auditd.rotate | 6 +----
init.d/auditd.state | 4 +--
init.d/auditd.stop | 3 +--
9 files changed, 11 insertions(+), 77 deletions(-)
delete mode 100644 init.d/audit-functions
---
init.d/auditd.condrestart | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart
index d86e5e4..da5b359 100644
--- a/init.d/auditd.condrestart
+++ b/init.d/auditd.condrestart
@@ -2,7 +2,7 @@
# Helper script to provide legacy auditd service options not
# directly supported by systemd.
-state=`service auditd status | awk '/^ Active/ { print $2 }'`
+state=$(systemctl status auditd | awk '/Active:/ { print $2 }')
if [ $state = "active" ] ; then
/usr/libexec/initscripts/legacy-actions/auditd/restart
RETVAL="$?"
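Review bot: The new `state=` line still scrapes the human-readable `systemctl status` output, and the test on the next line expands `$state` unquoted, so an empty result (unit not loaded, changed output format) turns `[ $state = "active" ]` into a test error instead of a clean "not active". `systemctl is-active` reports the state directly: `if systemctl is-active --quiet auditd ; then`. If the variable is kept, quote it: `if [ "$state" = "active" ] ; then`. The `if` block continues past the end of the hunk.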
--
2.33.0


@ -0,0 +1,62 @@
From 0604569e79a5d1c76b32f15576e129e0b813659f Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 24 Mar 2024 13:06:59 -0400
Subject: [PATCH] Solve issue #363 by moving check to after load_config
Reference:https://github.com/linux-audit/audit-userspace/commit/0604569e79a5d1c76b32f15576e129e0b813659f
Conflict:NA
---
src/auditd.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/src/auditd.c b/src/auditd.c
index e0fe9925..67ce06c0 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -676,20 +676,6 @@ int main(int argc, char *argv[])
}
session = audit_get_session();
-#ifndef DEBUG
- /* Make sure we can do our job. Containers may not give you
- * capabilities, so we revert to a uid check for that case. */
- if (!audit_can_control()) {
- if (!config.local_events && geteuid() == 0)
- ;
- else {
- fprintf(stderr,
- "You must be root or have capabilities to run this program.\n");
- return 4;
- }
- }
-#endif
-
/* Register sighandlers */
sa.sa_flags = 0 ;
sigemptyset( &sa.sa_mask ) ;
@@ -717,6 +703,21 @@ int main(int argc, char *argv[])
free_config(&config);
return 6;
}
+
+#ifndef DEBUG
+ /* Make sure we can do our job. Containers may not give you
+ * capabilities, so we revert to a uid check for that case. */
+ if (!audit_can_control()) {
+ if (!config.local_events && geteuid() == 0)
+ ;
+ else {
+ fprintf(stderr,
+ "You must be root or have capabilities to run this program.\n");
+ return 4;
+ }
+ }
+#endif
+
if (config.daemonize == D_FOREGROUND)
config.write_logs = 0;
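Review bot: The relocated privilege check leaves with `return 4;` without releasing the configuration, while the error path directly above it calls `free_config(&config);` before `return 6;`. For consistency with that path the new block should do the same: `free_config(&config);` ahead of `return 4;`. The empty `;` branch would also read more plainly as one condition, `if (config.local_events || geteuid() != 0) {`. `main()` starts and ends outside this hunk, so whether anything else needs unwinding at this point cannot be seen here.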
--
2.33.0


@ -0,0 +1,94 @@
From 184f20c56576300343b8f8b60a8bebb185074485 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 26 Apr 2024 12:44:56 -0400
Subject: [PATCH] Use atomic_int if available for signal related flags
Reference:https://github.com/linux-audit/audit-userspace/commit/184f20c56576300343b8f8b60a8bebb185074485
Conflict:configure.ac
---
configure.ac | 8 ++++++++
src/auditd-event.c | 5 ++++-
src/auditd.c | 9 ++++++---
3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index f2f2950..96a0fcc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -85,6 +85,14 @@ AC_LINK_IFELSE(
[AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
[]
)
+
+AC_CHECK_HEADERS([stdatomic.h], [
+ AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the <stdatomic.h> header file.])
+ AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the <stdatomic.h> header file.])
+ ], [
+ AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if <stdatomic.h> is not available.])
+])
+
dnl; pthread_yield is used in zos-remote
AC_SEARCH_LIBS(pthread_yield, pthread,
[AC_DEFINE(HAVE_PTHREAD_YIELD, 1, [Define to 1 if we have pthread_yield])], [])
diff --git a/src/auditd-event.c b/src/auditd-event.c
index 847f5fe..c1e4b5a 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -36,6 +36,9 @@
#include <limits.h> /* POSIX_HOST_NAME_MAX */
#include <ctype.h> /* toupper */
#include <libgen.h> /* dirname */
+#ifdef HAVE_ATOMIC
+#include <stdatomic.h>
+#endif
#include "auditd-event.h"
#include "auditd-dispatch.h"
#include "auditd-listen.h"
@@ -45,7 +48,7 @@
#include "auparse-idata.h"
/* This is defined in auditd.c */
-extern volatile int stop;
+extern volatile ATOMIC_INT stop;
/* Local function prototypes */
static void send_ack(const struct auditd_event *e, int ack_type,
diff --git a/src/auditd.c b/src/auditd.c
index 34a9b57..75a180e 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -38,6 +38,9 @@
#include <pthread.h>
#include <sys/utsname.h>
#include <getopt.h>
+#ifdef HAVE_ATOMIC
+#include <stdatomic.h>
+#endif
#include "libaudit.h"
#include "auditd-event.h"
@@ -62,7 +65,7 @@
#define SUBJ_LEN 4097
/* Global Data */
-volatile int stop = 0;
+volatile ATOMIC_INT stop = 0;
/* Local data */
static int fd = -1, pipefds[2] = {-1, -1};
@@ -72,8 +75,8 @@ static const char *state_file = "/var/run/auditd.state";
static int init_pipe[2];
static int do_fork = 1, opt_aggregate_only = 0, config_dir_set = 0;
static struct auditd_event *cur_event = NULL, *reconfig_ev = NULL;
-static int hup_info_requested = 0;
-static int usr1_info_requested = 0, usr2_info_requested = 0;
+static ATOMIC_INT hup_info_requested = 0;
+static ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0;
static char subj[SUBJ_LEN];
static uint32_t session;
static int hup_flag = 0;
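Review bot: `hup_info_requested`, `usr1_info_requested` and `usr2_info_requested` become `ATOMIC_INT` without `volatile`, while `stop` a few lines up is declared `volatile ATOMIC_INT`. Where `<stdatomic.h>` is missing, the configure.ac hunk of this patch defines `ATOMIC_INT` as plain `int`, so in that build these three stay ordinary ints with nothing telling the compiler they can change asynchronously. If they are written from signal handlers, as the subject line suggests, I would declare them like `stop`: `static volatile ATOMIC_INT hup_info_requested = 0;` (and the same for the usr1/usr2 pair). `hup_flag` on the last line stays a plain `int`; a one-line comment saying why it is not part of the set would help the next reader.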
--
2.33.0


@ -0,0 +1,85 @@
From 3955b5e29e119122dc2fc0a53ba82529613e4e1c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 26 Apr 2024 14:03:02 -0400
Subject: [PATCH] Use atomic_uint if available for signal related flags
Reference:https://github.com/linux-audit/audit-userspace/commit/3955b5e29e119122dc2fc0a53ba82529613e4e1c
Conflict:configure.ac
---
audisp/audispd.c | 7 +++++--
audisp/queue.c | 9 ++++++---
configure.ac | 2 ++
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/audisp/audispd.c b/audisp/audispd.c
index 0172e12..8be0e8f 100644
--- a/audisp/audispd.c
+++ b/audisp/audispd.c
@@ -41,6 +41,9 @@
#include <limits.h>
#include <sys/uio.h>
#include <getopt.h>
+#ifdef HAVE_ATOMIC
+#include <stdatomic.h>
+#endif
#include "audispd-pconfig.h"
#include "audispd-config.h"
@@ -51,8 +54,8 @@
#include "private.h"
/* Global Data */
-static volatile int stop = 0;
-volatile int disp_hup = 0;
+static volatile ATOMIC_INT stop = 0;
+volatile ATOMIC_INT disp_hup = 0;
/* Local data */
static daemon_conf_t daemon_config;
diff --git a/audisp/queue.c b/audisp/queue.c
index 2b7ea43..6204453 100644
--- a/audisp/queue.c
+++ b/audisp/queue.c
@@ -25,17 +25,20 @@
#include <stdlib.h>
#include <unistd.h>
#include <syslog.h>
+#ifdef HAVE_ATOMIC
+#include <stdatomic.h>
+#endif
#include "queue.h"
static volatile event_t **q;
static pthread_mutex_t queue_lock;
static pthread_cond_t queue_nonempty;
-static unsigned int q_next, q_last, q_depth, processing_suspended;
-static unsigned int currently_used, max_used, overflowed;
+static unsigned int q_next, q_last, q_depth, processing_suspended, overflowed;
+static ATOMIC_UNSIGNED currently_used, max_used;
static const char *SINGLE = "1";
static const char *HALT = "0";
static int queue_full_warning = 0;
-extern volatile int disp_hup;
+extern volatile ATOMIC_INT disp_hup;
#define QUEUE_FULL_LIMIT 5
void reset_suspended(void)
diff --git a/configure.ac b/configure.ac
index 96a0fcc..57c961a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -89,8 +89,10 @@ AC_LINK_IFELSE(
AC_CHECK_HEADERS([stdatomic.h], [
AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the <stdatomic.h> header file.])
AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the <stdatomic.h> header file.])
+ AC_DEFINE([ATOMIC_UNSIGNED], atomic_uint, [Define atomic_uint if you have the <stdatomic.h> header file.])
], [
AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if <stdatomic.h> is not available.])
+ AC_DEFINE([ATOMIC_UNSIGNED], unsigned, [Define to the type of an unsigned if <stdatomic.h> is not available.])
])
dnl; pthread_yield is used in zos-remote
--
2.33.0


@ -0,0 +1,27 @@
From 5eef876b3eb2fa3348be6cd31bd651a98b164deb Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Wed, 27 Mar 2024 17:34:33 +0300
Subject: [PATCH] adding the file descriptor closure
Reference:https://github.com/linux-audit/audit-userspace/commit/5eef876b3eb2fa3348be6cd31bd651a98b164deb
Conflict:NA
---
src/auditctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/auditctl.c b/src/auditctl.c
index 503b4e2b..7949d95c 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1393,6 +1393,7 @@ static int fileopt(const char *file)
fields = malloc(nf * sizeof(char *));
if (fields == NULL) {
audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ fclose(f);
return 1;
}
--
2.33.0


@ -0,0 +1,41 @@
From 4780cd1a790286213dda646f782fa7128fb092a9 Mon Sep 17 00:00:00 2001
From: Yugend <77495782+Yugend@users.noreply.github.com>
Date: Sat, 4 May 2024 00:39:36 +0300
Subject: [PATCH] avoiding of NULL pointers dereference (#366)
Reference:https://github.com/linux-audit/audit-userspace/commit/4780cd1a790286213dda646f782fa7128fb092a9
Conflict:NA
---
src/ausearch-parse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 1a5b047f..be57606b 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -719,6 +719,10 @@ static int common_path_parser(search_items *s, char *path)
// append
snode sn;
sn.str = strdup(path);
+ if (sn.str == NULL) {
+ fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
+ return 8;
+ }
sn.key = NULL;
sn.hits = 1;
// Attempt to rebuild path if relative
@@ -1217,6 +1221,10 @@ skip:
saved = *term;
*term = 0;
s->hostname = strdup(str);
+ if (s->hostname == NULL) {
+ fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
+ return 33;
+ }
*term = saved;
// Lets see if there is something more
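Review bot: The new `return 33;` leaves the input buffer modified: `*term = 0;` has already overwritten a byte, and the restoring `*term = saved;` sits after the added check, so it is skipped on allocation failure. Restoring first keeps the buffer intact on every path: move `*term = saved;` to directly after `s->hostname = strdup(str);`, ahead of the `if`. The enclosing function starts and ends outside this hunk, so I cannot see whether 33 is already used as a return code there; the same question applies to `return 8;` in the `common_path_parser()` hunk above.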
--
2.33.0


@ -0,0 +1,28 @@
From 3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Wed, 27 Mar 2024 17:41:07 +0300
Subject: [PATCH] correcting memcmp args in check_rule_mismatch function
Reference:https://github.com/linux-audit/audit-userspace/commit/3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0
Conflict:src/auditctl.c
---
src/auditctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index d55f7d8..6274f6d 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -388,7 +388,7 @@ static void check_rule_mismatch(int lineno, const char *option)
}
memset(&tmprule, 0, sizeof(struct audit_rule_data));
audit_rule_syscallbyname_data(&tmprule, option);
- if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE))
+ if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0])))
rc = 1;
_audit_elf = old_audit_elf;
if (rc) {
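Review bot: The byte count is spelled `AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0])`, which stays correct only while `mask` is declared with exactly `AUDIT_BITMASK_SIZE` elements. Assuming `mask` is an array member of the struct (the hunk does not show its declaration), the compiler can supply the size itself: `if (memcmp(tmprule.mask, rule_new->mask, sizeof(tmprule.mask)))`. The `memset` two lines up could likewise use `sizeof(tmprule)` so it follows the variable rather than repeating the type name. `check_rule_mismatch()` continues outside the hunk.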
--
2.33.0


@ -0,0 +1,147 @@
From b046de44454fa2616dbb8899f1b41d65ce876e33 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Fri, 15 Mar 2024 17:08:16 +0300
Subject: [PATCH] first part of NULL pointer checks
Reference:https://github.com/linux-audit/audit-userspace/commit/b046de44454fa2616dbb8899f1b41d65ce876e33
Conflict:auparse/auparse.c
---
audisp/audispd-llist.c | 3 +++
auparse/auparse.c | 7 +++++++
src/auditctl-llist.c | 3 +++
src/auditctl.c | 5 +++++
src/ausearch-avc.c | 3 +++
src/ausearch-int.c | 3 +++
src/ausearch-llist.c | 3 +++
tools/aulastlog/aulastlog-llist.c | 3 +++
8 files changed, 30 insertions(+)
diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c
index c562a72..c338327 100644
--- a/audisp/audispd-llist.c
+++ b/audisp/audispd-llist.c
@@ -74,6 +74,9 @@ void plist_append(conf_llist *l, plugin_conf_t *p)
lnode* newnode;
newnode = malloc(sizeof(lnode));
+ if (newnode == NULL) {
+ return;
+ }
if (p) {
void *pp = malloc(sizeof(struct plugin_conf));
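Review bot: The added `return;` makes `plist_append()` drop the entry silently when `malloc` fails: the function is `void`, nothing is logged, and the caller carries on as if the append had succeeded. The same pattern is added in the `list_append()` hunks for src/auditctl-llist.c, src/ausearch-llist.c and tools/aulastlog/aulastlog-llist.c, and in `alist_append()` and `ilist_append()`; going by the parameter types, that presumably means a rule or a record can go missing from the tool's view with no indication. At minimum emit a diagnostic before returning, through whatever logging each file already uses, e.g. `syslog(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);`. Reporting the failure to the caller would need a return-type change that reaches outside these hunks.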
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 036f022..abbc17b 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -95,6 +95,11 @@ static int setup_log_file_array(auparse_state_t *au)
}
num--;
tmp = malloc((num+2)*sizeof(char *));
+ if (!tmp) {
+ fprintf(stderr, "No memory\n");
+ aup_free_config(&config);
+ return 1;
+ }
/* Got it, now process logs from last to first */
if (num > 0)
@@ -468,6 +473,8 @@ auparse_state_t *auparse_init(ausource_t source, const void *b)
if (access(b, R_OK))
goto bad_exit;
tmp = malloc(2*sizeof(char *));
+ if (tmp == NULL)
+ goto bad_exit;
tmp[0] = strdup(b);
tmp[1] = NULL;
au->source_list = tmp;
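Review bot: `tmp[0] = strdup(b);` on the line after the new check is still unchecked, so an allocation failure there stores a list whose first entry is NULL in `au->source_list`. Checking it next to the new test keeps the two allocations consistent: `if (tmp[0] == NULL) { free(tmp); goto bad_exit; }`. What `bad_exit` releases is outside the hunk, so whether `tmp` needs the explicit `free` should be confirmed against that label.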
diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c
index 6e70ef1..ae9776b 100644
--- a/src/auditctl-llist.c
+++ b/src/auditctl-llist.c
@@ -64,6 +64,9 @@ void list_append(llist *l, struct audit_rule_data *r, size_t sz)
lnode* newnode;
newnode = malloc(sizeof(lnode));
+ if (newnode == NULL) {
+ return;
+ }
if (r) {
void *rr = malloc(sz);
diff --git a/src/auditctl.c b/src/auditctl.c
index 778b374..8942195 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1323,6 +1323,11 @@ static int fileopt(const char *file)
}
i = 0;
fields = malloc(nf * sizeof(char *));
+ if (fields == NULL) {
+ audit_msg(LOG_ERR, "Memory allocation error");
+ return 1;
+ }
+
fields[i++] = "auditctl";
fields[i++] = ptr;
while( (ptr=audit_strsplit(NULL)) && (i < nf-1)) {
diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c
index 10d153f..6aa98c7 100644
--- a/src/ausearch-avc.c
+++ b/src/ausearch-avc.c
@@ -67,6 +67,9 @@ void alist_append(alist *l, anode *node)
anode* newnode;
newnode = malloc(sizeof(anode));
+ if (newnode == NULL) {
+ return;
+ }
if (node->scontext)
newnode->scontext = node->scontext;
diff --git a/src/ausearch-int.c b/src/ausearch-int.c
index 718dacd..0e8b0ff 100644
--- a/src/ausearch-int.c
+++ b/src/ausearch-int.c
@@ -46,6 +46,9 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux)
int_node* newnode;
newnode = malloc(sizeof(int_node));
+ if (newnode == NULL) {
+ return;
+ }
newnode->num = num;
newnode->hits = hits;
diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c
index ef5503c..3b4ff26 100644
--- a/src/ausearch-llist.c
+++ b/src/ausearch-llist.c
@@ -107,6 +107,9 @@ void list_append(llist *l, lnode *node)
lnode* newnode;
newnode = malloc(sizeof(lnode));
+ if (newnode == NULL) {
+ return;
+ }
if (node->message)
newnode->message = node->message;
diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c
index 84882ca..779afb5 100644
--- a/tools/aulastlog/aulastlog-llist.c
+++ b/tools/aulastlog/aulastlog-llist.c
@@ -46,6 +46,9 @@ void list_append(llist *l, lnode *node)
lnode* newnode;
newnode = malloc(sizeof(lnode));
+ if (newnode == NULL) {
+ return;
+ }
newnode->sec = node->sec;
newnode->uid = node->uid;
--
2.33.0


@ -0,0 +1,30 @@
From 613ccbdd1011692c6724a11cc8798112dd26d202 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Tue, 21 May 2024 13:17:38 -0400
Subject: [PATCH] fix one more leak
Reference:https://github.com/linux-audit/audit-userspace/commit/613ccbdd1011692c6724a11cc8798112dd26d202
Conflict:NA
---
src/ausearch-lol.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 784c58f6..d156ce42 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -371,7 +371,9 @@ int lol_add_record(lol *lo, char *buff)
l = malloc(sizeof(llist));
if (l == NULL) {
free((char *)e.node);
- fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ free(n.message);
+ fprintf(stderr, "Out of memory. Check %s file, %d line",
+ __FILE__, __LINE__);
return 0;
}
list_create(l);
--
2.33.0


@ -0,0 +1,388 @@
From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sun, 5 Nov 2023 14:24:49 -0500
Subject: [PATCH] fix the use of isdigit everywhere
Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75
Conflict:audisp/plugins/af_unix/audisp-af_unix.c,src/ausearch-options.c
---
audisp/plugins/ids/ids_config.c | 2 +-
audisp/plugins/remote/remote-config.c | 2 +-
audisp/plugins/zos-remote/zos-remote-config.c | 6 ++--
auparse/auditd-config.c | 2 +-
auparse/interpret.c | 6 ++--
src/auditctl.c | 6 ++--
src/aureport-options.c | 4 +--
src/aureport-output.c | 2 +-
src/ausearch-options.c | 36 +++++++++----------
src/ausearch-parse.c | 2 +-
tools/ausyscall/ausyscall.c | 4 +--
11 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c
index 4da5ca9..f773794 100644
--- a/audisp/plugins/ids/ids_config.c
+++ b/audisp/plugins/ids/ids_config.c
@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val)
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c
index 7d80752..1f05cdd 100644
--- a/audisp/plugins/remote/remote-config.c
+++ b/audisp/plugins/remote/remote-config.c
@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
syslog(LOG_ERR,
"Value %s should only be numbers - line %d",
nv->value, line);
diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c
index b92dc77..2f7e42f 100644
--- a/audisp/plugins/zos-remote/zos-remote-config.c
+++ b/audisp/plugins/zos-remote/zos-remote-config.c
@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c)
/* check that all chars are numbers */
for (i = 0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
log_err("Value %s should only be numbers - line %d", nv->value, line);
return 1;
}
diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c
index bdb9cf8..d0fa746 100644
--- a/auparse/auditd-config.c
+++ b/auparse/auditd-config.c
@@ -341,7 +341,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line,
/* check that all chars are numbers */
for (i=0; ptr[i]; i++) {
- if (!isdigit(ptr[i])) {
+ if (!isdigit((unsigned char)ptr[i])) {
audit_msg(au, LOG_ERR,
"Value %s should only be numbers - line %d",
val, line);
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 84c41ea..cc03a15 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -321,7 +321,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode)
static int is_int_string(const char *str)
{
while (*str) {
- if (!isdigit(*str))
+ if (!isdigit((unsigned char)*str))
return 0;
str++;
}
@@ -1381,7 +1381,7 @@ static const char *print_success(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
@@ -2185,7 +2185,7 @@ static const char *print_fanotify(const char *val)
{
int res;
- if (isdigit(*val)) {
+ if (isdigit((unsigned char)*val)) {
errno = 0;
res = strtoul(val, NULL, 10);
if (errno) {
diff --git a/src/auditctl.c b/src/auditctl.c
index 1eb424c..778b374 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -631,7 +631,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'r':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t rate;
errno = 0;
rate = strtoul(optarg,NULL,0);
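Review bot: The conversion guarded by the corrected `isdigit` call is still loose: `rate = strtoul(optarg,NULL,0);` stores an `unsigned long` into a `uint32_t` and passes a NULL end pointer, so on an LP64 build a value wider than 32 bits is truncated and characters trailing the number are ignored. The same shape appears in the `-b` hunk (`limit`) and the backlog-wait-time hunk (`bwt`) below. For settings that are handed on to the audit subsystem I would reject rather than wrap: `char *end; unsigned long v = strtoul(optarg, &end, 0);` followed by `if (errno || *end != '\0' || v > UINT32_MAX)` taking the existing error path. The `errno` test that follows each call lies outside the hunks.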
@@ -650,7 +650,7 @@ static int setopt(int count, int lineno, char *vars[])
}
break;
case 'b':
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t limit;
errno = 0;
limit = strtoul(optarg,NULL,0);
@@ -1061,7 +1061,7 @@ process_keys:
case 2:
#if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \
HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1
- if (optarg && isdigit(optarg[0])) {
+ if (optarg && isdigit((unsigned char)optarg[0])) {
uint32_t bwt;
errno = 0;
bwt = strtoul(optarg,NULL,0);
diff --git a/src/aureport-options.c b/src/aureport-options.c
index 7a8d92a..7264d5e 100644
--- a/src/aureport-options.c
+++ b/src/aureport-options.c
@@ -384,7 +384,7 @@ int check_params(int count, char *vars[])
// } else {
// UNIMPLEMENTED;
// set_detail(D_SPECIFIC);
-// if (isdigit(optarg[0])) {
+// if (isdigit((unsigned char)optarg[0])) {
// errno = 0;
// event_id = strtoul(optarg,
// NULL, 10);
@@ -763,7 +763,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
diff --git a/src/aureport-output.c b/src/aureport-output.c
index a635d53..27a2ce2 100644
--- a/src/aureport-output.c
+++ b/src/aureport-output.c
@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr)
long uid;
char name[64];
- if (sn->str[0] == '-' || isdigit(sn->str[0])) {
+ if (sn->str[0] == '-' || isdigit((unsigned char)sn->str[0])) {
uid = strtol(sn->str, NULL, 10);
printf("%u ", sn->hits);
safe_print_string(aulookup_uid(uid, name,
diff --git a/src/ausearch-options.c b/src/ausearch-options.c
index eff0596..aa13590 100644
--- a/src/ausearch-options.c
+++ b/src/ausearch-options.c
@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg)
{
int tmp, retval = 0;
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
tmp = strtoul(optarg, NULL, 10);
if (errno) {
@@ -335,7 +335,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_id = strtoul(optarg, NULL, 10);
if (errno) {
@@ -357,7 +357,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10);
if (errno || arg_eoe_timeout == 0) {
@@ -463,7 +463,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -497,7 +497,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_egid = strtoul(optarg,NULL,10);
if (errno) {
@@ -529,7 +529,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_gid = strtoul(optarg,NULL,10);
if (errno) {
@@ -648,7 +648,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_ppid = strtol(optarg,NULL,10);
if (errno)
@@ -669,7 +669,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_pid = strtol(optarg,NULL,10);
if (errno)
@@ -787,7 +787,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_syscall = (int)strtoul(optarg, NULL, 10);
if (errno) {
@@ -886,7 +886,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
unsigned long optval = strtoul(optarg,NULL,10);
if (errno || optval >= (1ul << 32))
@@ -894,7 +894,7 @@ int check_params(int count, char *vars[])
event_session_id = optval;
c++;
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
long optval = strtol(optarg, NULL, 0);
if (errno || optval < INT_MIN || optval > INT_MAX) {
@@ -926,7 +926,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -935,7 +935,7 @@ int check_params(int count, char *vars[])
optarg);
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_exit = strtoll(optarg, NULL, 0);
if (errno) {
@@ -1067,7 +1067,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1100,7 +1100,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_euid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1133,7 +1133,7 @@ int check_params(int count, char *vars[])
retval = -1;
break;
}
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_uid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1177,7 +1177,7 @@ int check_params(int count, char *vars[])
}
{
size_t len = strlen(optarg);
- if (isdigit(optarg[0])) {
+ if (isdigit((unsigned char)optarg[0])) {
errno = 0;
event_loginuid = strtoul(optarg,NULL,10);
if (errno) {
@@ -1187,7 +1187,7 @@ int check_params(int count, char *vars[])
retval = -1;
}
} else if (len >= 2 && *(optarg)=='-' &&
- (isdigit(optarg[1]))) {
+ (isdigit((unsigned char)optarg[1]))) {
errno = 0;
event_loginuid = strtol(optarg, NULL, 0);
if (errno) {
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 7ee7bd4..f34e21d 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -1115,7 +1115,7 @@ try_again:
return 25;
ptr = str + 4;
term = ptr;
- while (isdigit(*term))
+ while (isdigit((unsigned char)*term))
term++;
if (term == ptr)
return 14;
diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c
index 206e9ff..2ef4ad1 100644
--- a/tools/ausyscall/ausyscall.c
+++ b/tools/ausyscall/ausyscall.c
@@ -47,9 +47,9 @@ int main(int argc, char *argv[])
usage();
} else if (argc < 2)
usage();
-
+
for (i=1; i<argc; i++) {
- if (isdigit(argv[i][0])) {
+ if (isdigit((unsigned char)argv[i][0])) {
if (syscall_num != -1) {
fputs("Two syscall numbers not allowed\n",
stderr);
--
2.33.0


@ -0,0 +1,53 @@
From 97f3c78b6b31126c1128927d9c85bb794a1efa17 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Fri, 15 Mar 2024 18:13:36 +0300
Subject: [PATCH] last part of NULL pointer checks
Reference:https://github.com/linux-audit/audit-userspace/commit/97f3c78b6b31126c1128927d9c85bb794a1efa17
Conflict:auparse/interpret.c
---
auparse/interpret.c | 4 ++++
src/ausearch-lookup.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index cc03a15..19934a2 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -415,6 +415,9 @@ int load_interpretation_list(const char *buffer)
return 0;
buf = strdup(buffer);
+ if (buf == NULL) {
+ goto err_out;
+ }
if (strncmp(buf, "SADDR=", 6) == 0) {
// We have SOCKADDR record. It has no other values.
// Handle it by itself.
@@ -431,6 +434,7 @@ int load_interpretation_list(const char *buffer)
return 1;
}
}
+err_out:
free(buf);
return 0;
} else {
diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
index dd58c36..8ff881e 100644
--- a/src/ausearch-lookup.c
+++ b/src/ausearch-lookup.c
@@ -304,6 +304,10 @@ char *unescape(const char *buf)
return NULL;
str = strndup(buf, ptr - buf);
+ if (str == NULL) {
+ fprintf(stderr, "Memory alocation error");
+ return NULL;
+ }
if (*buf == '(')
return str;
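Review bot: The new message has a typo and no line terminator: `"Memory alocation error"`. Suggest `fprintf(stderr, "Memory allocation error\n");`, or the `"Out of memory. Check %s file, %d line\n"` form with `__FILE__` and `__LINE__` that other patches in this series use, so the failing site can be located from the output. `unescape()` starts and ends outside the hunk.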
--
2.33.0


@ -0,0 +1,42 @@
From f5c35d7d5e064af5ad31d22f900d148d932ad9b1 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Mon, 15 Jan 2024 21:44:04 +0100
Subject: [PATCH] lib: avoid UB on sequence wrap-around (#347)
Signed integer overflow is undefined, allowing compilers to optimize the
condition `++sequence < 0` away.
Reference:https://github.com/linux-audit/audit-userspace/commit/f5c35d7d5e064af5ad31d22f900d148d932ad9b1
Conflict:NA
---
lib/netlink.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/netlink.c b/lib/netlink.c
index e643e4e..7e81ab5 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <time.h>
#include <sys/poll.h>
#include "libaudit.h"
@@ -210,8 +211,10 @@ int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq
return -errno;
}
- if (++sequence < 0)
+ if (sequence == INT_MAX)
sequence = 1;
+ else
+ sequence++;
*seq = sequence;
memset(&req, 0, sizeof(req));
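Review bot: The rewritten wrap in `__audit_send()` carries no comment saying why the increment is spelled out by hand or why the counter restarts at 1. A one-line comment above the test, such as `/* wrap to 1 by hand: ++ on INT_MAX is signed overflow (UB) */`, would keep a later cleanup from folding it back into `++sequence < 0`. `sequence` is declared outside the hunk; if it is shared between threads, this read-modify-write is unsynchronised and worth confirming.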
--
2.33.0


@ -0,0 +1,156 @@
From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Thu, 2 Nov 2023 21:20:40 +0100
Subject: [PATCH] lib: cast to unsigned char for character test functions
(#338)
Passing a value not representable by unsigned char is undefined
behavior.
Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1
Conflict:lib/libaudit.c
---
lib/libaudit.c | 30 +++++++++++++++---------------
lib/lookup_table.c | 2 +-
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 02c263e..5843ac0 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1006,7 +1006,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
return -2;
nr = audit_name_to_syscall(scall, machine);
if (nr < 0) {
- if (isdigit(scall[0]))
+ if (isdigit((unsigned char)scall[0]))
nr = strtol(scall, NULL, 0);
}
if (nr >= 0)
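Review bot: The conversion guarded by the digit test in `audit_rule_syscallbyname_data()` still accepts malformed numbers: `strtol(scall, NULL, 0)` passes a NULL end pointer, so input such as `12abc` is taken as 12, and the `long` result is stored in `nr` without a range check (its declaration is outside the hunk, presumably `int`). For audit rules, a silently mis-parsed syscall number or ID yields a rule that watches something other than what the administrator wrote. Passing an end pointer and requiring `end != scall && *end == '\0' && errno != ERANGE` after the call closes this. The same `strtol`/`strtoul(v, NULL, 0)` pattern appears in the `audit_rule_fieldpair_data()` hunks below and in `audit_name_to_msg_type()`.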
@@ -1535,11 +1535,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_OBJ_UID:
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1559,7 +1559,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
case AUDIT_SGID:
case AUDIT_FSGID:
case AUDIT_OBJ_GID:
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1575,11 +1575,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (flags != AUDIT_FILTER_EXIT)
return -EAU_EXITONLY;
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
@@ -1594,7 +1594,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
flags != AUDIT_FILTER_USER)
return -EAU_MSGTYPEEXCLUDEUSER;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1665,7 +1665,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_ARCHMISPLACED;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v))) {
+ if (isdigit((unsigned char)*(v))) {
int machine;
errno = 0;
@@ -1706,7 +1706,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_STRTOOLONG;
for (i = 0; i < len; i++) {
- switch (tolower(v[i])) {
+ switch (tolower((unsigned char)v[i])) {
case 'r':
val |= AUDIT_PERM_READ;
break;
@@ -1740,7 +1740,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDUNAVAIL;
if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
return -EAU_OPEQNOTEQ;
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else
@@ -1753,11 +1753,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
break;
case AUDIT_ARG0...AUDIT_ARG3:
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
@@ -1773,11 +1773,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
return -EAU_FIELDNOFILTER;
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
- if (isdigit((char)*(v)))
+ if (isdigit((unsigned char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
- (isdigit((char)*(v+1))))
+ (isdigit((unsigned char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (strcmp(v, "unset") == 0)
@@ -1803,7 +1803,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT))
return -EAU_EXITONLY;
- if (!isdigit((char)*(v)))
+ if (!isdigit((unsigned char)*(v)))
return -EAU_FIELDVALNUM;
if (field == AUDIT_INODE)
diff --git a/lib/lookup_table.c b/lib/lookup_table.c
index 23678a4..d97c5fb 100644
--- a/lib/lookup_table.c
+++ b/lib/lookup_table.c
@@ -223,7 +223,7 @@ int audit_name_to_msg_type(const char *msg_type)
strncpy(buf, msg_type + 8, len);
errno = 0;
return strtol(buf, NULL, 10);
- } else if (isdigit(*msg_type)) {
+ } else if (isdigit((unsigned char)*msg_type)) {
errno = 0;
return strtol(msg_type, NULL, 10);
}
--
2.33.0


@ -0,0 +1,35 @@
From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 20:35:40 +0100
Subject: [PATCH] lib: close audit socket in load_feature_bitmap() (#334)
Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3
Conflict:NA
---
lib/libaudit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index ded3ab47..4c317c87 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
/* Found it... */
features_bitmap = rep.status->feature_bitmap;
+ audit_close(fd);
return;
}
}
}
#endif
features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
+ audit_close(fd);
}
uint32_t audit_get_features(void)
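Review bot: `audit_close(fd)` is added separately on each of the two exits visible in `load_feature_bitmap()`, so any other return between the open and these lines would still leak the socket. The function starts outside this hunk, so that cannot be confirmed from here. Routing every exit through one `out:` label that calls `audit_close(fd);` would keep the cleanup in a single place. If the open itself can fail and still reach the final line, the call should also be guarded with `if (fd >= 0)`.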
--
2.33.0


@ -0,0 +1,29 @@
From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 31 Oct 2023 16:49:10 +0100
Subject: [PATCH] lib: enclose macro to avoid precedence issues
Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111
Conflict:NA
---
lib/audit_logging.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/audit_logging.c b/lib/audit_logging.c
index 8b8b6207..e8b79d3e 100644
--- a/lib/audit_logging.c
+++ b/lib/audit_logging.c
@@ -38,7 +38,7 @@
#include "private.h"
#define TTY_PATH 32
-#define MAX_USER (UT_NAMESIZE * 2) + 8
+#define MAX_USER ((UT_NAMESIZE * 2) + 8)
// NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore,
// these routines do not need to send them.
--
2.33.0


@ -0,0 +1,56 @@
From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 22:15:40 +0100
Subject: [PATCH] memory allocation updates (#341)
* Check memory allocation
Avoid later NULL dereference.
* Check memory allocation and merge zeroing
Avoid later NULL dereference.
Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af
Conflict:NA
---
auparse/interpret.c | 2 ++
lib/libaudit.c | 7 +++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/auparse/interpret.c b/auparse/interpret.c
index ecde07ae..76ca2814 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -366,6 +366,8 @@ char *au_unescape(char *buf)
// strlen(buf) / 2.
olen = strlen(buf);
str = malloc(olen+1);
+ if (!str)
+ return NULL;
saved = *ptr;
*ptr = 0;
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 6a42871b..d90d83b8 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point,
struct {
uint32_t sizes[2];
unsigned char buf[];
- } *cmd = malloc(sizeof(*cmd) + len1 + len2);
+ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2);
- memset(cmd, 0, sizeof(*cmd) + len1 + len2);
+ if (!cmd) {
+ audit_msg(LOG_ERR, "Cannot allocate memory!");
+ return -ENOMEM;
+ }
cmd->sizes[0] = len1;
cmd->sizes[1] = len2;
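Review bot: The allocation size `sizeof(*cmd) + len1 + len2` in `audit_make_equivalent()` is still summed without a bound, and each length is then stored in a `uint32_t` slot of `sizes[]`. `len1` and `len2` are declared outside the hunk. If they come from `strlen()` on caller-supplied paths, rejecting values above `PATH_MAX` before the `calloc` keeps both the sum and the narrowing store in range.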
--
2.33.0


@ -0,0 +1,188 @@
From 15d29a145ebe67cae52316871fcdedb5a19ce628 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Fri, 15 Mar 2024 18:00:54 +0300
Subject: [PATCH] second part of NULL pointer checks
Reference:https://github.com/linux-audit/audit-userspace/commit/15d29a145ebe67cae52316871fcdedb5a19ce628
Conflict:NA
---
audisp/plugins/zos-remote/zos-remote-queue.c | 5 +++++
audisp/queue.c | 5 +++++
auparse/normalize-llist.c | 3 +++
auparse/normalize.c | 9 +++++++++
lib/gen_tables.c | 10 ++++++++--
src/ausearch-lol.c | 12 ++++++++++++
src/ausearch-nvpair.c | 3 +++
src/ausearch-string.c | 3 +++
8 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
index 37d91bd8..47dd006e 100644
--- a/audisp/plugins/zos-remote/zos-remote-queue.c
+++ b/audisp/plugins/zos-remote/zos-remote-queue.c
@@ -130,6 +130,11 @@ void increase_queue_depth(unsigned int size)
void *tmp_q;
tmp_q = realloc(q, size * sizeof(BerElement *));
+ if (tmp_q == NULL) {
+ log_err("Memory allocation error");;
+ pthread_mutex_unlock(&queue_lock);
+ return;
+ }
q = tmp_q;
for (i=q_depth; i<size; i++)
q[i] = NULL;
diff --git a/audisp/queue.c b/audisp/queue.c
index 6898d09f..76b62593 100644
--- a/audisp/queue.c
+++ b/audisp/queue.c
@@ -229,6 +229,11 @@ void increase_queue_depth(unsigned int size)
void *tmp_q;
tmp_q = realloc(q, size * sizeof(event_t *));
+ if (tmp_q == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ pthread_mutex_unlock(&queue_lock);
+ return;
+ }
q = tmp_q;
for (i=q_depth; i<size; i++)
q[i] = NULL;
diff --git a/auparse/normalize-llist.c b/auparse/normalize-llist.c
index fd9d6cc8..32d5f124 100644
--- a/auparse/normalize-llist.c
+++ b/auparse/normalize-llist.c
@@ -66,6 +66,9 @@ void cllist_append(cllist *l, uint32_t num, void *data)
data_node *newnode;
newnode = malloc(sizeof(data_node));
+ if (newnode == NULL) {
+ return;
+ }
newnode->num = num;
newnode->data = data;
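Review bot: On allocation failure `cllist_append()` now returns without storing `data` and, being `void`, without telling the caller. If the caller hands over ownership of `data`, the pointer is leaked and the list is left one entry short with no record of it; in code that processes audit records this can produce incomplete results that look complete. The same silent return is added in `search_list_append()` and `slist_append()` further down. Since the signatures cannot carry a status, a comment at the check such as `/* OOM: entry dropped, caller keeps ownership of data */` should at least state the contract, after confirming it against the callers.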
diff --git a/auparse/normalize.c b/auparse/normalize.c
index ae6e3d2d..58d28213 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -1191,6 +1191,11 @@ static int normalize_compound(auparse_state_t *au)
if (f) {
const char *exe = auparse_interpret_field(au);
D.how = strdup(exe);
+ if (D.how == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ free((void *)syscall);
+ return 1;
+ }
if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
(strncmp(D.how, "/usr/bin/sh", 11) == 0) ||
(strncmp(D.how, "/usr/bin/bash", 13) == 0) ||
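Review bot: The new check in `normalize_compound()` catches a failed `strdup()`, but `exe` itself is passed to `strdup()` unchecked. `auparse_interpret_field()` is documented to return NULL on error, and `strdup(NULL)` is undefined behaviour, so a record whose field cannot be interpreted would crash before the added test runs. Guarding the call, e.g. `D.how = exe ? strdup(exe) : NULL;`, lets the existing `D.how == NULL` branch handle both cases. The same applies to the second hunk at the `map:` label; both bodies continue outside the hunks.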
@@ -1999,6 +2004,10 @@ map:
if (f) {
const char *exe = auparse_interpret_field(au);
D.how = strdup(exe);
+ if (D.how == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ return 1;
+ }
if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
(strncmp(D.how, "/usr/bin/sh", 11) == 0) ||
(strncmp(D.how, "/usr/bin/bash", 13) == 0) ||
diff --git a/lib/gen_tables.c b/lib/gen_tables.c
index 3326759d..4ff233d0 100644
--- a/lib/gen_tables.c
+++ b/lib/gen_tables.c
@@ -271,7 +271,10 @@ output_i2s(const char *prefix)
}
unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
- assert(unique_values != NULL);
+ if (unique_values == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ abort();
+ }
n = 0;
for (i = 0; i < NUM_VALUES; i++) {
if (n == 0 || unique_values[n - 1].val != values[i].val) {
@@ -351,7 +354,10 @@ output_i2s_transtab(const char *prefix)
printf("{%d,%zu},", values[i].val, values[i].s_offset);
}
uc_prefix = strdup(prefix);
- assert(uc_prefix != NULL);
+ if (uc_prefix == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ abort();
+ }
for (i = 0; uc_prefix[i] != '\0'; i++)
uc_prefix[i] = toupper((unsigned char)uc_prefix[i]);
printf("\n"
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index bcfb9ad8..c2140b7e 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -47,6 +47,10 @@ void lol_create(lol *lo)
lo->maxi = -1;
lo->limit = ARRAY_LIMIT;
lo->array = (lolnode *)malloc(size);
+ if (lo->array == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ return;
+ }
memset(lo->array, 0, size);
}
@@ -305,6 +309,10 @@ int lol_add_record(lol *lo, char *buff)
n.a1 = 0L;
n.type = e.type;
n.message = strdup(buff);
+ if(n.message == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ return 0;
+ }
ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR);
if (ptr) {
n.mlen = ptr - n.message;
@@ -359,6 +367,10 @@ int lol_add_record(lol *lo, char *buff)
// Create new event and fill it in
l = malloc(sizeof(llist));
+ if (l == NULL) {
+ fprintf(stderr, "Memory allocation error");
+ return 0;
+ }
list_create(l);
l->e.milli = e.milli;
l->e.sec = e.sec;
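Review bot: The early `return 0` added after `malloc(sizeof(llist))` fails in `lol_add_record()` appears to leak `n.message`, which the previous hunk shows being allocated with `strdup(buff)` in the same function. The code between the two hunks is not visible, so confirm that `n` has not been handed to a list by that point; if it has not, add `free(n.message);` before the return. Returning 0 here also makes an out-of-memory drop indistinguishable from whatever 0 already means to the caller.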
diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c
index 8d0088e5..c344c27c 100644
--- a/src/ausearch-nvpair.c
+++ b/src/ausearch-nvpair.c
@@ -37,6 +37,9 @@ void search_list_create(nvlist *l)
void search_list_append(nvlist *l, nvnode *node)
{
nvnode* newnode = malloc(sizeof(nvnode));
+ if (newnode == NULL) {
+ return;
+ }
newnode->name = node->name;
newnode->val = node->val;
diff --git a/src/ausearch-string.c b/src/ausearch-string.c
index fbbacd77..f875bb2c 100644
--- a/src/ausearch-string.c
+++ b/src/ausearch-string.c
@@ -49,6 +49,9 @@ void slist_append(slist *l, const snode *node)
snode* newnode;
newnode = malloc(sizeof(snode));
+ if (newnode == NULL) {
+ return;
+ }
if (node->str)
newnode->str = node->str;
--
2.33.0


@ -0,0 +1,279 @@
From dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5 Mon Sep 17 00:00:00 2001
From: Yugend <jugendd@mail.ru>
Date: Fri, 22 Mar 2024 14:01:59 +0300
Subject: [PATCH] update error messages in NULL Checks
Reference:https://github.com/linux-audit/audit-userspace/commit/dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5
Conflict:NA
---
audisp/audispd-llist.c | 1 +
audisp/plugins/zos-remote/zos-remote-queue.c | 2 +-
audisp/queue.c | 2 +-
auparse/auparse.c | 2 +-
auparse/normalize-llist.c | 1 +
auparse/normalize.c | 4 ++--
lib/gen_tables.c | 4 ++--
src/auditctl-llist.c | 1 +
src/auditctl.c | 2 +-
src/ausearch-avc.c | 1 +
src/ausearch-int.c | 1 +
src/ausearch-llist.c | 1 +
src/ausearch-lol.c | 6 +++---
src/ausearch-lookup.c | 2 +-
src/ausearch-nvpair.c | 1 +
src/ausearch-string.c | 1 +
tools/aulastlog/aulastlog-llist.c | 1 +
17 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c
index c338327d..30d7f03b 100644
--- a/audisp/audispd-llist.c
+++ b/audisp/audispd-llist.c
@@ -75,6 +75,7 @@ void plist_append(conf_llist *l, plugin_conf_t *p)
newnode = malloc(sizeof(lnode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
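Review bot: The message added in `plist_append()` goes to stdout via `printf` and has no trailing newline, while other hunks in this patch report the same condition through `fprintf(stderr, ...)`, `log_err` or `audit_msg`. In the command-line tools, text on stdout lands in the middle of output that scripts may parse. `fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);` avoids both problems. The same `printf` line is added in `cllist_append()`, both `list_append()` variants under src/, `alist_append()`, `ilist_append()`, `search_list_append()`, `slist_append()` and the aulastlog `list_append()`.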
diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
index f8019890..67397f38 100644
--- a/audisp/plugins/zos-remote/zos-remote-queue.c
+++ b/audisp/plugins/zos-remote/zos-remote-queue.c
@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size)
tmp_q = realloc(q, size * sizeof(BerElement *));
if (tmp_q == NULL) {
- log_err("Memory allocation error");;
+ log_err("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
pthread_mutex_unlock(&queue_lock);
return;
}
diff --git a/audisp/queue.c b/audisp/queue.c
index 76b62593..8bd20ea1 100644
--- a/audisp/queue.c
+++ b/audisp/queue.c
@@ -230,7 +230,7 @@ void increase_queue_depth(unsigned int size)
tmp_q = realloc(q, size * sizeof(event_t *));
if (tmp_q == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of Memory. Check %s file, %d line", __FILE__, __LINE__);
pthread_mutex_unlock(&queue_lock);
return;
}
diff --git a/auparse/auparse.c b/auparse/auparse.c
index e782058d..c423ffa8 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -114,7 +114,7 @@ static int setup_log_file_array(auparse_state_t *au)
num--;
tmp = malloc((num+2)*sizeof(char *));
if (!tmp) {
- fprintf(stderr, "No memory\n");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
aup_free_config(&config);
free(filename);
return 1;
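Review bot: The replacement message in `setup_log_file_array()` drops the `\n` that `"No memory\n"` had, so the error now runs into the next line written to stderr. Ending the format string with `line\n` restores it. The other `fprintf(stderr, ...)` messages changed in this patch lack the newline as well.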
diff --git a/auparse/normalize-llist.c b/auparse/normalize-llist.c
index 32d5f124..433c457f 100644
--- a/auparse/normalize-llist.c
+++ b/auparse/normalize-llist.c
@@ -67,6 +67,7 @@ void cllist_append(cllist *l, uint32_t num, void *data)
newnode = malloc(sizeof(data_node));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 58d28213..d4f6c441 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -1192,7 +1192,7 @@ static int normalize_compound(auparse_state_t *au)
const char *exe = auparse_interpret_field(au);
D.how = strdup(exe);
if (D.how == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
free((void *)syscall);
return 1;
}
@@ -2005,7 +2005,7 @@ map:
const char *exe = auparse_interpret_field(au);
D.how = strdup(exe);
if (D.how == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 1;
}
if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
diff --git a/lib/gen_tables.c b/lib/gen_tables.c
index 4ff233d0..a2930ff9 100644
--- a/lib/gen_tables.c
+++ b/lib/gen_tables.c
@@ -272,7 +272,7 @@ output_i2s(const char *prefix)
unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
if (unique_values == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
abort();
}
n = 0;
@@ -355,7 +355,7 @@ output_i2s_transtab(const char *prefix)
}
uc_prefix = strdup(prefix);
if (uc_prefix == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
abort();
}
for (i = 0; uc_prefix[i] != '\0'; i++)
diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c
index 0f81d4c8..5282ee32 100644
--- a/src/auditctl-llist.c
+++ b/src/auditctl-llist.c
@@ -65,6 +65,7 @@ void list_append(llist *l, const struct audit_rule_data *r, size_t sz)
newnode = malloc(sizeof(lnode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/src/auditctl.c b/src/auditctl.c
index ee7e33c8..093dca00 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1392,7 +1392,7 @@ static int fileopt(const char *file)
i = 0;
fields = malloc(nf * sizeof(char *));
if (fields == NULL) {
- audit_msg(LOG_ERR, "Memory allocation error");
+ audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 1;
}
diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c
index 6aa98c70..38576563 100644
--- a/src/ausearch-avc.c
+++ b/src/ausearch-avc.c
@@ -68,6 +68,7 @@ void alist_append(alist *l, anode *node)
newnode = malloc(sizeof(anode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/src/ausearch-int.c b/src/ausearch-int.c
index 0e8b0ffe..5f57b059 100644
--- a/src/ausearch-int.c
+++ b/src/ausearch-int.c
@@ -47,6 +47,7 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux)
newnode = malloc(sizeof(int_node));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c
index 36fcae6d..7926980c 100644
--- a/src/ausearch-llist.c
+++ b/src/ausearch-llist.c
@@ -108,6 +108,7 @@ void list_append(llist *l, lnode *node)
newnode = malloc(sizeof(lnode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 7562dc21..a5418079 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -48,7 +48,7 @@ void lol_create(lol *lo)
lo->limit = ARRAY_LIMIT;
lo->array = (lolnode *)malloc(size);
if (lo->array == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
lo->limit = 0;
return;
}
@@ -311,7 +311,7 @@ int lol_add_record(lol *lo, char *buff)
n.type = e.type;
n.message = strdup(buff);
if(n.message == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 0;
}
ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR);
@@ -369,7 +369,7 @@ int lol_add_record(lol *lo, char *buff)
// Create new event and fill it in
l = malloc(sizeof(llist));
if (l == NULL) {
- fprintf(stderr, "Memory allocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return 0;
}
list_create(l);
diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
index 86239f39..2d6f48ca 100644
--- a/src/ausearch-lookup.c
+++ b/src/ausearch-lookup.c
@@ -303,7 +303,7 @@ char *unescape(const char *buf)
str = strndup(buf, ptr - buf);
if (str == NULL) {
- fprintf(stderr, "Memory alocation error");
+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return NULL;
}
diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c
index c344c27c..3a1b27db 100644
--- a/src/ausearch-nvpair.c
+++ b/src/ausearch-nvpair.c
@@ -38,6 +38,7 @@ void search_list_append(nvlist *l, nvnode *node)
{
nvnode* newnode = malloc(sizeof(nvnode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/src/ausearch-string.c b/src/ausearch-string.c
index f875bb2c..bd317b96 100644
--- a/src/ausearch-string.c
+++ b/src/ausearch-string.c
@@ -50,6 +50,7 @@ void slist_append(slist *l, const snode *node)
newnode = malloc(sizeof(snode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c
index 779afb50..0b89be65 100644
--- a/tools/aulastlog/aulastlog-llist.c
+++ b/tools/aulastlog/aulastlog-llist.c
@@ -47,6 +47,7 @@ void list_append(llist *l, lnode *node)
newnode = malloc(sizeof(lnode));
if (newnode == NULL) {
+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
return;
}
--
2.33.0